Your message dated Wed, 04 May 2011 21:38:21 +0000
with message-id <[email protected]>
and subject line Bug#624800: fixed in libphysfs 2.0.2-3
has caused the Debian Bug report #624800,
regarding physfs corruption (double free) in hardened version
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
624800: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624800
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libphysfs1
Severity: critical
Version: 2.0.2-2

Hello,

I have just uploaded a hardened version of physfs to Debian (with
fortify source, relro, pie and stack canary enabled).

I have attached a test program from a bug submitter, with which physfs
crashes because of a double free exception on amd64 (but not on i386).

Save it somewhere and then run:

$ rm bug
$ mkdir -p testdir/dirnumber{1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20}
$ gcc bug.c -lphysfs -o bug
$ ./bug

=>
me@exez:~/build$ LC_ALL=C ./bug
*** glibc detected *** ./bug: double free or corruption (fasttop): 0x00000000015a13c0 ***
======= Backtrace: =========
/lib/libc.so.6(+0x71ab6)[0x7fb8ffe80ab6]
/lib/libc.so.6(cfree+0x6c)[0x7fb8ffe8582c]
/usr/lib/libphysfs.so.1(PHYSFS_freeList+0x29)[0x7fb900177fd9]
./bug[0x40074b]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7fb8ffe2dc4d]
./bug[0x400649]
Abgebrochen
me@exez:~/build$

<=

gdb output:

=>

me@exez:~/build$ LC_ALL=C gdb ./bug
GNU gdb (GDB) 7.2-debian
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/me/build/bug...(no debugging symbols found)...done.
(gdb) run
Starting program: /home/me/build/bug
*** glibc detected *** /home/me/build/bug: double free or corruption (fasttop): 0x00000000006093c0 ***
======= Backtrace: =========
/lib/libc.so.6(+0x71ab6)[0x7ffff78caab6]
/lib/libc.so.6(cfree+0x6c)[0x7ffff78cf82c]
/usr/lib/libphysfs.so.1(PHYSFS_freeList+0x29)[0x7ffff7bc1fd9]
/home/me/build/bug[0x40074b]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7ffff7877c4d]
/home/me/build/bug[0x400649]

Program received signal SIGABRT, Aborted.
0x00007ffff788b165 in raise () from /lib/libc.so.6
(gdb) bt
#0  0x00007ffff788b165 in raise () from /lib/libc.so.6
#1  0x00007ffff788df70 in abort () from /lib/libc.so.6
#2  0x00007ffff78c125b in ?? () from /lib/libc.so.6
#3  0x00007ffff78caab6 in ?? () from /lib/libc.so.6
#4  0x00007ffff78cf82c in free () from /lib/libc.so.6
#5  0x00007ffff7bc1fd9 in PHYSFS_freeList (list=0x609750) at /tmp/buildd/libphysfs-2.0.2/physfs.c:872
#6  0x000000000040074b in main ()
(gdb)

<=

-- 
/*
Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

E-Mail: [email protected]
        [email protected]

Comment:
Always if we think we are right,
we were maybe wrong.
*/
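#include <stdio.h>
#include <physfs.h>

int main(int argc, char *argv[]) {
	(void)argc;
	PHYSFS_init(argv[0]);
	/* Mount the current directory so that testdir/ is visible. */
	PHYSFS_addToSearchPath(".", 0);
	/* Enumerate the 20 subdirectories created beforehand. */
	char **dirs = PHYSFS_enumerateFiles("testdir/");
	/* The reported abort is raised by free() inside this call. */
	PHYSFS_freeList(dirs);
	return 0;
}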



--- End Message ---
--- Begin Message ---
Source: libphysfs
Source-Version: 2.0.2-3

We believe that the bug you reported is fixed in the latest version of
libphysfs, which is due to be installed in the Debian FTP archive:

libphysfs-dev_2.0.2-3_amd64.deb
  to main/libp/libphysfs/libphysfs-dev_2.0.2-3_amd64.deb
libphysfs1-dbg_2.0.2-3_amd64.deb
  to main/libp/libphysfs/libphysfs1-dbg_2.0.2-3_amd64.deb
libphysfs1_2.0.2-3_amd64.deb
  to main/libp/libphysfs/libphysfs1_2.0.2-3_amd64.deb
libphysfs_2.0.2-3.debian.tar.gz
  to main/libp/libphysfs/libphysfs_2.0.2-3.debian.tar.gz
libphysfs_2.0.2-3.dsc
  to main/libp/libphysfs/libphysfs_2.0.2-3.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Matthäi <[email protected]> (supplier of updated libphysfs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 04 May 2011 22:39:43 +0200
Source: libphysfs
Binary: libphysfs-dev libphysfs1 libphysfs1-dbg
Architecture: source amd64
Version: 2.0.2-3
Distribution: unstable
Urgency: low
Maintainer: Debian Games Team <[email protected]>
Changed-By: Patrick Matthäi <[email protected]>
Description: 
 libphysfs-dev - filesystem abstraction library for game programmers (development
 libphysfs1 - filesystem abstraction library for game programmers
 libphysfs1-dbg - filesystem abstraction library for game programmers (debug symbol
Closes: 624800
Changes: 
 libphysfs (2.0.2-3) unstable; urgency=low
 .
   * Rebuild package. It looks like the building hardware was just damaged.
     Closes: #624800




--- End Message ---
